cta quote button US

Beware of Crypto Mining Browser Attacks

A new type of attack on user browsers is intended to make money by silently mining bitcoins. Because bitcoins are so valuable these days, some hackers have moved on from stealing credit cards and instead go for your computing power. Crypto-mining hijackers steal your computer resources and use them to mine bitcoins for the attacker. With a large collection of users, the attacker is set to make thousands on bitcoin mining.

What is Crypto Mining?

if_bitcoin_idea_2444870Bitcoins are digital currency created after a user performs a mathematical equation on a computer. Depending on the computer resources, the equations take only milliseconds but every successful calculation renders the user a tiny fraction of a bitcoin. Bitcoins can be used to purchase items on the web, or the user can sell them to cryptocurrency traders for real cash.

Mining is a business for some people. They set up several machines and pool resources to perform calculations. With enough computing power, a miner can earn thousands every year in cryptocurrency. Bitcoin prices have soared recently. Within the last year, some cryptocurrency has gone from a few hundred dollars a bitcoin to tens of thousands of dollars. For an attacker, it’s much easier and accessible to steal computer resources in a web browser rather than attack a website for its credit card data.

Browser-Based Crypto Mining Attacks

if_bitcoin-crypto-currency-mining_2995029Web developers are able to embed connections from a front-end web page to a backend server. This technique is how an attacker attaches his web page to a pool of crypto miners. The web page has embedded code that connects to the attacker’s server and uses the computing power on the local client machine to perform calculations.

The downside of the attack is that it only lasts as long as the user has the web page open or for as long as they keep the browser opened. Like any other web application, once the user closes the page, the application no longer runs on the client machine.

Attackers have come up with a way to trick users into keeping the browser page open. They embed code into a pop-under window, which is a popup that doesn’t display in front of the user’s active browser. Instead, it opens behind the active browser, which hides it from the user who will likely avoid closing it since they don’t know that it’s there.

Even more sophisticated is an attacker’s throttle on the attack. Crypto mining can reduce performance when it uses all computer resources for calculations. Attackers throttle the attack and ensure that CPU usage is only at 80-90%. This leaves the user free to use the computer for other browsing and doesn’t cause the computer to crash which then forces the user to reboot and close the browser. Attackers are also coding their pop-unders to avoid popup blocker applications, so you can’t just rely on a popup blocker to protect your machine’s resources.

If you have a Windows machine, you can see the pop-under in the taskbar, but since Windows groups applications in its taskbar now, it’s not as easily noticeable. It’s up to the user to notice the pop-under, but not ever pop-under is malicious. A telltale sign of an attack is the immediate spike in CPU usage. When you close the pop-under, the CPU usage drops to normal levels. You can view this activity in Task Manager.

You can’t 100% avoid these attacks, but you can be aware of any strange performance struggles after you open a site. If you see this performance degradation, close the browser, look for pop-unders and close them, and your computer will be back to normal.

Need Inspiration? Check Out Some Related Projects and Tasks

Senior Android Developer The Custom Mobile SDK Development

We are looking for a Senior Android developer to join our growing team, and we welcome anyone who is as interested in the blockchain technologies as we are. Your main focus will be all about mobile ... (Ukraine)

Blockchain Developer - C++, Monero, CryptoNote

I require a Blockchain enthusiast and specialist engineer with a love all things Privacy Coin - CryptoNote, Monero, Dero, ZCash etc. to join our team - Good understanding of PoW mechanisms, ... (United Kingdom)

Crypto Mining Consultancy In Regards To Optimize Existing

I have an exisiting "Small" Mining Farm in Switzerland and need help to optimise it. - What pool to be used - what Crypto Currency to be mine now and in the future - optimise and automise the Mining ... (Switzerland)

Merge Fork Bitcoin Diamond And Bitcoin To Create A New Chain

This project is focused on cryptocurrency adoption. We have created an innovative infrastructure to create cryptocurrency denominated storefronts and we would like to tokenize our features by ... (United States)

-
These results are based on the freelance jobs extracted from Upwork.

If you think your friends/network would find this useful, please share it with them – We’d really appreciate it.

1 Comment

  1. Cheska J
    May 4, 2018 at 2:38 pm

    Wow, this is something new to me! Although I am sort of familiar that one can mine for bitcoin, I did not know there were attacks such as there. Is there any way, we would know that we are attacked? Thank you for such an informative post, I definitely learned something that at least I'm a bit more up to date to the trends of such things.

    Reply »

Leave a Comment

We would be glad to get your feedback. Take a moment to comment and tell us what you think.